Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:23:04 UTC

Unauthorised USB Device

High Investigating
ALR-00141 · 2026-04-08T10:20:32Z

Description

Unauthorised USB mass storage device connected to VM-DEV-01 by user 'k.brown'. Device blocked by Firewall endpoint policy.

Alert Metadata

Alert ID: ALR-00141
Timestamp: 2026-04-08T10:20:32Z
Severity: High
Status: Investigating
Detection Source: Firewall
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: VM-DEV-01
User Account: k.brown
Source IP: 194.51.62.40
Destination IP: 10.1.217.121
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1091
Reference: attack.mitre.org/techniques/T1091

Investigation Timeline

10:20:32 Event ingested by SOC365 Engine
10:20:37 EmilyAI triage started — correlation enrichment
10:20:39 EmilyAI confidence: 92% — escalated to human analyst
10:20:51 Alert assigned to analyst: James Okonkwo
10:22:11 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00305 | 1h ago | Unauthorised USB Device | Low | Escalated | SRV-WEB-01
ALR-00432 | 1h ago | Malware Signature Match | Informational | Escalated | VM-DEV-01
ALR-00229 | 6h ago | Unauthorised USB Device | Medium | Open | SRV-BACKUP-01
ALR-00091 | 16h ago | Kerberoasting Attempt | Informational | Investigating | VM-DEV-01
ALR-00281 | 1d ago | Unauthorised USB Device | Low | Investigating | SW-CORE-01